Edward Kiledjian's Threat Intel

Hackers claim millions of PayPal accounts leaked while experts say the data looks suspiciously cheap and possibly stolen from old infostealer logs | TechRadar

Cybercriminals claim to be selling 15.8 million stolen PayPal credentials on dark web forums, allegedly taken in a May 2025 breach and including login emails, plaintext passwords, and URLs for automated attacks. However, experts express significant doubts about the dataset's authenticity, citing the surprisingly low price, sample data too small to verify, and a structure that resembles older infostealer malware logs rather than data from a direct breach of PayPal systems. PayPal denied any new breach, pointing to a 2022 credential stuffing incident that affected only 35,000 accounts, and security researchers suggest the alleged dataset may consist of credentials harvested from compromised user devices rather than from PayPal’s systems. Regardless of authenticity, the incident highlights ongoing risks from credential reuse and infostealer malware. Experts recommend that users change their PayPal passwords, enable multi-factor authentication, monitor accounts for unusual activity, and avoid reusing passwords across platforms to prevent identity theft and financial fraud.